Topics | Spoiledlunch

Start here

Read this beat in order

Start with the pieces that explain how governance theater forms, then move into the essays that show where evidence, ownership, and control design actually break.

Step 1

The SOC 2 Compliance Cargo Cult

April 18, 2026 / 7 min read

The cleanest entry point into the site’s anti-ceremony stance on compliance and control programs.

SOC 2 compliance has become a cargo cult ritual in enterprise security. Organizations implement the ceremonial controls, follow the prescribed procedures, and wait for …

Start here

Step 2

Compliance Exceptions Tell You More Than Your Passed Controls

May 26, 2026 / 4 min read

A sharper view of where control programs reveal the truth once the green boxes stop flattering anyone.

Organizations love to report passed controls because passed controls are flattering. They suggest order. They suggest repeatability. They suggest that the environment …

Start here

Core threads

What this beat keeps arguing about

Questions

Start with the pressure points

Which controls are real operating constraints, and which ones are just well-documented beliefs?
Where does evidence prove execution instead of merely proving preparation?
What stays unresolved because the program can record the problem without forcing a decision?

Brief

EDPB Publishes One-Stop-Shop Digest on Legitimate Interest

March 26, 2026

Summary: EDPB published a digest of one-stop-shop decisions on legitimate interest, giving privacy teams a clearer signal on how regulators …

Read brief

Brief

EDPB conference on cross-regulatory cooperation: what we learned

March 24, 2026

Summary: EDPB used its March conference to press for deeper coordination between privacy regulators and adjacent EU authorities, signaling …

Read brief

Brief

NIST Releases CSF 2.0 Quick-Start Guides for ERM and Informative References

March 23, 2026

Summary: NIST announced two Cybersecurity Framework 2.0 quick-start guide updates on March 23, 2026. The agency released the final SP 1308 …

Read brief

Brief

EDPB and EDPS Back Stronger EU Cybersecurity Rules While Guarding Personal Data

March 19, 2026

Summary: EDPB and EDPS issued a joint opinion on the Commission’s CSA2 and NIS2 proposals, arguing the EU can streamline cybersecurity …

Read brief

Brief

EDPB Sets a 2026-2027 Programme Focused on Compliance and Regulatory Coordination

February 12, 2026

Summary: The European Data Protection Board adopted its 2026-2027 work programme on February 12, 2026. The programme emphasizes making GDPR …

Read brief

Article

Data Privacy Week: How a Single Day Became a Marketing Event

January 26, 2026 / 3 min read

It’s Data Privacy Week. Or is it Data Privacy Day? The confusion isn’t accidental. What started as a legitimate European observance on January 28 has expanded into a week-long …

Read analysis

Other beats

Explore another topic

Topic

Security

Topic